I have a little HP Proliant microserver running ubuntu server and when I installed it I used encrypted LVM. I now want to add a new 2TB disk. I have added the disk to the box and can see it with fdisk -l.

The next thing I want to do is add it to the existing volume group so I have one big drive (I'll make backups on an external device using unison as not much will change each day).

The LVM commands seem straight forward (pvcreate, followed by vgextend I think), but what I'm not sure about is how to handle encryption. Do I run cryptsetup first then the LVM commands? Do I use the same password as for the current harddrive and do they figure out they are working together or will I need to enter the password twice?

Can someone help?

Thanks.

Last edited by daudi on Sat Jul 07, 2012 6:35 pm, edited 1 time in total.

I made a backup which took hours to copy, used cryptsetup with the same password as the original disk, then pvcreate etc. to create the physical volume and add the new drive. Then I used resize2fs while the system was mounted and ended up with my 2Tb added to my system. It all went completely smoothly and I started questioning myself for wasting hours doing the backup.

Then I rebooted. Ah. I was prompted to enter the password of the original drive as usual but then got a message saying:

I've clearly missed a step somewhere. I think I need a way of telling my system to prompt for the password of the second (new) disk. But I don't know where to add this from within the busybox environment.

and was able to see the physical volumes, logical volumes and volume groups. I tried to mount the main volume group and it was not recognised. Then I noticed that it was marked as "not available". Using

I made it available and was then able to mount it and see all the files on it.

So the next thing to figure out is how to get a prompt at boot to open the new disk. I think I need to play with crypttab but that will have to wait until tomorrow. At least I feel I can sleep tonight.

Nope, adding a line to crypttab doesn't help. I still only get asked for the password to the first disk, I think because this is listed as the root in the boot parameters in grub.conf.

I tried adding a keyfile hoping that at boot it would be possible for both discs to access the same file, but again the path to the keyfile is specified in the boot parameters in grub.conf

So then I thought about backing out of this and removing the new disk. But pvdisplay shows that all extents are in use and there is not enough space on the original disk to use pvmove (even though most of the disk is actually free, there are few files on it).

I've sure learnt a lot over the last 24 hours about crypsetup and lvm! But I don't know what to try next, other than to wipe the drives, reinstall from scratch and restore my backup of /home.

I think that the answer to my original question is: lvm over encryption does not work for the root filesystem. I think I'll need to use the new disk only for /home.

I prefer to do it the other way round, LVM on unencrypted devices then encrypted filesystems on the LVM volumes. It's simpler and you can save overhead by not encrypting filesystems that don't need it.

"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)

That sounds promising. I have it this way round because that is how it happened with the ubuntu server install. I'll read up about doing the other way around, it does sound easier to manage (and surprises me that ubuntu doesn't do it this way).